search cancel

Private key not being returned on digital certificate call by CA ACF2

book

Article ID: 243336

calendar_today

Updated On:

Products

LDAP SERVER FOR Z/OS

Issue/Introduction

CA LDAP SSL connection fails with no private key message in LDAP trace.  The SDERR log has the following entries: 

TLS: can't accept: Key entry does not contain a private key
connection_read(8): TLS accept failure error=-1 id=1001, closing
connection_closing: readying conn=1001 sd=8 for close  

Environment

Release : 15.0

Component : LDAP Server for z/OS

Resolution

The private key is not returned because user needs DELETE access to the FACILITY resource class as shown below:

SET RESOURCE(FAC)
RECKEY IRR ADD( DIGTCERT.GENCERT UID(uid of ldapserver stc) SERVICE(DELETE) ALLOW)
F ACF2,REBUILD(FAC)